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Using Qualys integration with CyberArk Application Identity Manager, About CyberArk 

CyberArk is the only security company that 
credentials management is simplified as customers no longer need to proactively stops the most advanced cyber 
threats - those that exploit insider privileges to 
attack the heart of the enterprise. The 
Qualys to perform authenticated scans. This significantly reduces the company/ltas pioneered: NeW category of 

targeted security solutions to protect against 
complexity of credential management because credentials are centrally cyber threats before attacks can escalate and 


do irreparable business damage.For more 


managed in the CyberArk solution. Organizations can automatically infortnatton; pledve-visit 


store and manage their passwords, private keys and certificates within 


rotate passwords, private keys and certificates based on their security E 
policy, eliminating the need to manually update credentials within the 
Qualys platform. Further, running credentialed-protected scans yield 


deeper, more accurate scan results. 


Simplified privileged credential management and improved compliance 
Internal policies and many regulatory requirements such as those in PCI, SOX, and HIPAA, require full 
accountability and traceability of all credential use. By storing privileged credentials used by Qualys 
Vulnerability and Compliance Scanning solution in CyberArk, organizations increase security and 

can enforce their security policies by automating credential rotation, centrally storing and managing 
credentials, and fully auditing credential use. Centralized management also makes it easier to update 
credentials, significantly reducing the potential for human error that can occur when manually maintaining 
credentials in the Qualys platform. 


Facilitates secure scanning, Resulting in better discovery and prioritization 
When a trusted scan is performed for vulnerability or compliance assessment, the Qualys scanner 
logs into the target machine and reads configuration data such as registry values, configuration files/ 
settings, and software inventory details. Qualys uses the configuration data to verify vulnerabilities 
and make sure configuration settings meet minimum required standards. By leveraging CyberArk 
automated credential rotation capabilities, which updates and synchronizes privileged account 
credentials at based on policy, there is never a fear of the Qualys scanner re-using unprotected 
credentials. This significantly improves security and facilitates wider adoption of credentialed 
scanning. By leveraging Qualys - CyberArk integration, customers get a better picture of the true state 
of compliance and vulnerabilities with the added depth of scanning across even the largest environments. 
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HOW IT WORKS: 
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Figure 1: Workflow of the integration between Qualys 
and CyberArk Application Identity Manager™ 


New Qualys Authentication Vault Record 
For CyberArk Application Identity Manager 


BEFORE LAUNCHING THE SCAN 


@ User configures the CyberArk solution according to their 
policies and sets up credentials 


ð User configures Qualys to use CyberArk integration by 
configuring Authentication 


LAUNCHING THE SCAN 


(3) User launches a trusted scan from Qualys 


O The Qualys Scanner Appliance (SA) queries the Central 
Credential Provider (part of CyberArk Application Identity 
Manager) for secure credentials retrieval from CyberArk 
Digital Vault 


O The SA scans the target using the credentials (Windows 
and Unix) 


6 Audit/control/policy enforcement using CyberArk 
Application Identity Manager 


A new authentication vault record type has been added in the 
Qualys Suite for CyberArk Application Identity Manager. This 
new integration can be used to securely retrieve privileged 
credentials at scan time and supports a variety of authenticated 
scans for Windows, Unix, and other operating systems and 
applications. We support the following authentication types: 


e Windows - Password-based credentials. 


e Unix - Password-based credentials, Private Key, Private Key 
Passphrase 


e Other - Password-based credentials for Cisco, Checkpoint 
Firewall, Oracle, Oracle Listener, IBM DB2, MS SQL, Sybase, 
MySQL and VMWare 
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CyberArk PIM Suite 
CyberArk AIM 
Thycotic Secret Server 
Quest Vault 

CA Access Control 
Hitachi ID PAM 
Lieberman ERPM 


Download... 
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How do | get started? 


Configure your CyberArk authentication vault (vault credentials), configure authentication records for your authentication types 
(safe location in CyberArk AIM), and start your scans. That's it! 
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Figure 2: Qualys easy configuration to create a new 
CyberArk authentication vault 


About Qualys 

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in 
more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated 
suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on 
demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys 
has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and 
Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com. 
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